Confidential Computing (CoCo) guests encrypt private memory by default. DAX memory regions allow a guest to bypass its own (private) page cache and instead use host memory, which is not private to the guest.
Commit 867400af90f1 ("mm/memremap.c: map FS_DAX device memory as decrypted") only ensures that FS_DAX memory is appropriately marked as decrypted. As such, also mark device-dax memory as decrypted. Signed-off-by: Kevin Loughlin <kevinlough...@google.com> --- drivers/dax/device.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/dax/device.c b/drivers/dax/device.c index 2051e4f73c8a..a284442d7ecc 100644 --- a/drivers/dax/device.c +++ b/drivers/dax/device.c @@ -11,6 +11,7 @@ #include <linux/fs.h> #include <linux/mm.h> #include <linux/mman.h> +#include <linux/cc_platform.h> #include "dax-private.h" #include "bus.h" @@ -303,6 +304,8 @@ static int dax_mmap(struct file *filp, struct vm_area_struct *vma) vma->vm_ops = &dax_vm_ops; vm_flags_set(vma, VM_HUGEPAGE); + if (cc_platform_has(CC_ATTR_MEM_ENCRYPT)) + vma->vm_page_prot = pgprot_decrypted(vma->vm_page_prot); return 0; } -- 2.46.0.76.ge559c4bf1a-goog